Login: Support | Partner    
 
Home » Technology » Greenbone OS: Current 

Greenbone OS: Current

Releases under development are listed here: Roadmap.

Releases beyond status End-of-Life are listed here: Old Releases.

Please read in our Learning Center about how to execute a upgrade and what to consider for this.

2014-03-21: Greenbone OS 3.0

top^

Latest patch level: 3.0.15 (2014-04-05)

The items marked with (*) will change the default behaviour.

  • Versioning: From GOS 3.0 the patch level versions will be indicated by the third part of the version number. For example the tenth patch level will be "3.0.10" instead of "3.0.0-10".

  • Groups: For access permissions users can now be associated with Groups. The web interface allows full management of these groups for users with Administrator role.

  • Permissions: Under menu "Configuration" there is now a new item "Permissions". Here the user has an overview on all of his access permissions and opportunities to manage them.

  • (*) Alive-Test (Up-Test, Ping-Test): The type of this test that determines whether a system is active and therefore can be scanned is now adjustable as a property of the object "Target". Which means it can be changed without the need to change Tasks or Scan Configurations. Possible methods are the same as before: ICMP, TCP and ARP.

    The default setting for the Alive-Test changes from ICMP&TCP&ARP to just ICMP. Hence it can happen that results change for some of your Tasks because some systems are not regarded as alive anymore. But in most cases where larger IP ranges are scanned the scan duration will significantly drop down. However, you do not need to change a Scan Configuration or Task to get back to the previous state, you just need to adjust the Alive-Test method for the respective Target.

  • (*) Severity replaces Threat: The concept of Threat Classes is extended to the Severity concept where the severity is not just a class but also contains a specific CVSS value. The CVSS value of a Severity is always the highest occurring CVSS value in the corresponding scan results. This allows a higher granularity in the view and for example improves sorting.

    This means comprehensive changes for the whole application:

    • Task Overview: So far only the Threat level was stored for Tasks. Because old tasks covered results with only threat level and no CVSS level (meanwhile all NVTs are assigned with a CVSS), the migration will use old rules of attaching a threat level and therefore insert the maximum of the respective level. This means that the Severity may show a higher CVSS value than then highest value actually present in the results. But this guarantees that the threat level will remain the same. The following values are therefore applied during the migration: High: 10.0, Medium: 5.0, Low: 2.0. Of course for new scans the exact values as occurring in the results are applied.

    • Task-Details: For the list of reports of a task the very same changes and migration rule is applied as for the Task Overview.

    • Notes: The distinction of High, Medium, Low is dropped and the migration will place into one class. This prevents that notes may get invisible when NVTs are updated.

    • Overrides: The distinction of High, Medium, Low is dropped and the migration will place into one class. This prevents that overrides may not be applied when NVTs are updated.

      Furthermore, the New Severity is not anymore just a threat level but rather a CVSS value. Old overrides with just threat level are migrated with the same scheme as the Tasks and Reports (see above).

  • Tags: The new configuration object class "Tag" allows to attach short texts to almost any other object. These texts are available to filtering and are included in export files. This enables to create thematic groups or attach arbitrary attributes to objects.

  • Reports: Under menu "Scan Management" there is now an overview on any available scan report, regardless of the relations to a task. The powerfilter is available here as well.

    This new view replaces the report list in the task details dialog. Suitable filters are set automatically.

  • Search interface for all objects of the SecInfo Management: Via new menu item "All SecInfo" it is possible to search for keywords and with other methods of the Powerfilter through almost 300.000 objects of various types.

  • Web interface is extended with multi-lingual support and translated into German language.

  • New pre-configure Scan Configuration "Host Discovery". This Scan Configuration simply searches for real systems for the given target addresses. No vulnerability tests are executed. The result is just a list of hosts that are regarded active.

  • New pre-configure Scan Configuration "System Discovery". This Scan Configuration applies any NVTs that discover operating system types and/or hardware device types. No vulnerability tests are executed. The main result is an overview on the found operating system and devices.

  • New pre-configure Scan Configuration "Discovery". This Scan Configuration applies any NVTs that discover as many details about the target system, installed services and applications, as possible. No vulnerability tests are executed.

  • Tasks: New class "Alterable Task" allows to change Target and Scan Config even if there are already reports for this task. This allows to have a playground task not designed to grant consistency between its reports.

  • Integrated online CVSS calculator: Under menu "Extras/CVSS Calculator" a form is available that supports calculating a CVSS value.

  • (*) Reports: The browser for the report view was entirely reworked and split up into multiple sections, each with a page of its own. Countless changes and extensions were applied.

    Attention: The changes are significant regarding the default view and regarding the powerfilter. Older stored powerfilters for reports may not work anymore and need to be re-created.

  • (*) Reports: Users can now individually configure the severity class ranges (High, Medium, Low) for the results view.

    Attention: The predefined class range is now the one of NIST. Therefore the colors in the view can change for old results and filters may return different results. If you want to switch back to the old behaviour, just enter "My Settings" and select "OpenVAS Classic" for severity classes.

  • Powerfilter: The powerfilter now offers a expand/collapse functionality in order to offer a regular dialog as equivalent to the content of the filter string. Dialog and filter string are automatically mutually synchronized.

  • Target: It is now possible to reduce the selected range of target systems via some rules. This includes an exclude list, reduction of double entries via Reverse Lookup and making Reverse Lookup obligatory.

  • Host access rules: More opportunities to deny or allow scan of host for each users, for example hostnames can now also be applied.

  • Interface access rules: This new feature allows on the one hand to specify a special interface (like "eth1") for each task. On the other hand it is possible to express rules to allow or deny access to interfaces for each user.

  • Problems with DNS resolving during scan: Each failed resolving of a target system name is not listed in section "Errors" of the report browser.

  • Reports: The port information is now extended with the current IANA service name that is registered for this port.

  • New pre-defined Report Format Plugin "CSV Results": Comma-separated text table of single results.

  • New pre-defined Report Format Plugin "CSV Hosts": Comma-separated text table of result overview for each target system.

  • (*) The Scanner preference "silent_dependencies" was removed. It was reducing the number of reported results to only those NVTs that were explicitly selected. This is not necessary anymore because the filtering can now take care of reducing reports. Furthermore, incomplete reports without log information do not offer adequate transparency.

    In case you applied Scan Configurations that were using this preference, you will get more (all) results now in new reports.

    Note that when using one of the pre-defined Scan Configurations you will see no changes because these were explicitly selecting all the NVTs.

  • (*) The Scanner preference "host_expansion" was removed. Its purpose was to automatically expand the target hosts. This functionality should not be done by a Scanner, especially because it can lead to unforeseeable expansions.

    Using one of the pre-defined Scan Configurations or derived ones, no changes of the behaviour will happen.

  • (*) The Scanner will not create explicit results for detected ports anymore. These results had no reference to NVTs and were redundant anyway. An overview on the detected ports is already provided by other NVTs as log information. Additionally the new user interface even offers a explicit tabular overview in identified ports as part of the new report browser.

  • Tasks: It is now possible to configure the order in which the target hosts are scanned: Sequential (like before), reverse and random.

  • Task Details: The list of reports is now handled via the new object management. This also adds the powerfilter to this page.

  • Notes/Overrides: The actual note text is now used as identifier in the list instead of the NVT name.

  • Web-GUI: Consistent access to object details always via identifier in first column. The redundant button for Details is therefore removed from the set of Actions.

  • User management is made available via OMP.

  • Feed management is made available via OMP.

  • Port 80 is automatically redirected to 443. This means that if you enter "http://gsm.example.com" this is automatically changed to "https://gsm.example.com" instead of a failure message of the browser.

  • OVAL Definitions: The overview as well as the details dialog for OVAL Definitions has been reworked.

Patch-Level GOS 3.0:

  • 3.0.15 (2014-04-05):

    • The NVTs "Host Summary" and "CPE Inventory" have been disabled for all pre-installed scan configurations. These data are available in the other results sections anyway (#36104, #35927).

    • For GSM ONE the web address is now displayed directly on the console (#36316).

    • Switched internal logging of web service to SysLog (#36340).

    • Formatting improvements of various login messages of the internal administration level (#36201, #36317).

    • Bugfix für Report Format Plugin GSR which failed in some cases fehl schlug (#36282).

    • Bugfix that moves the DHCP log information in gos-admin-menu to the suitable section (#31287).

    • New: Quick-Task Wizard, available on the wizard page of tasks. For GSM ONE this dialog is reduced (no alerts) (#33889, #36424, #28196, #2013022810000017, #2013112510000014).

    • Restricted offer of TLS versions and ciphers of the web interfaces. Older browsers can not access the web interface any more (#35333).

    • The pre-selected Report Format Plugin for prognosis is now the simple PDF report (#26361).

    • Bugfix that removes unneeded temporary files of services that were removed since GOS 3.0 (#36357).

    • Extended scanner capabilities for TLS services (v1.1 und v1.2) (#36109).

    • Bugfix for the setting of results filter for alerts (#36094).

    • TLS ciphers settings of OMP adjusted to the same as for HTTPS (#34747).

    • Bugfix regarding the LCD display control (#36372).

    • Bugfix to have now an absolute path for the location header of the web interface. This improves the use with proxies (#9709).

  • 3.0.14 (2014-03-27):

    • Updated Report Format Plugins GXR and GSR to version 2.0.1 (#35767).

    • Reduced internal log information of Greenbone OS (#35710).

    • Improved support for hypervisor for GSM ONE (#20497).

    • Bugfix for the entry of Alive-Test method in the web interface (#36165).

2013-06-07: Greenbone OS 2.2.0

top^

Latest patch level: 2.2.0-28 (2014-04-12)

The items marked with (*) will change the default behaviour.

  • Tasks: Now with new object management

    Tasks are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Overrides: Now with new object management

    Overrides are now handled via the new object management and therefore gain access to the power filter and to the trashcan. Functionalities Clone and Export are also added.

    Furthermore Overrides can now be directly created even without necessity to go via a Task.

    All user interfaces where lists of Overrides were shown, like for NVT Details, were changed so that the lists are replaced by a link into the Overrides management with a appropriate context filter.

  • SecInfo Management: CVE data with new object management

    The CVE Lookup is replaced by the new object management. This makes interactive search, the Powerfilter and many other functions available for CVE data. The Greenbone SecInfo CVE database contains the official CVE database of MITRE with over 50,000 CVEs.

  • SecInfo Management: OVAL database

    New element of the SecInfo Management are the OVAL data. OVAL stands for Open Vulnerability Assessment Language and is a formal description for vulnerability evaluation. These information help with the analysis and are cross-referenced via CVE. The Greenbone SecInfo OVAL database contains the official OVAL Repository of MITRE with over 14,000 OVAL Definitions.

  • SecInfo Management: DFN-CERT Database

    A new class in the SecInfo Management are the security alerts issued by the German DFN-CERT, the CERT of the German research network. These security alerts are published in German language and are referenced into scan result via CVE identifiers.

  • Port Lists: Now with new object management

    Port Lists are now handled via the new object management and therefore gain access to the power filter and to the functionality Clone.

  • Credentials: Now with new object management

    Credentials are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export. Passwords will of course not be present in exported data.

  • Schedules: Now with new object management

    Schedules are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Scan Configs: Now with new object management

    Scan Configs are now handled via the new object management and therefore gain access to the power filter and to the functionality Clone.

  • Alerts: Now with new object management

    Alerts are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Report Formats: Now with new object management

    Report Formats are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Slaves: Now with new object management

    Slaves are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Powerfilter: Syntax extension to select backward from current date for a fixed time span in timestamp columns. For example, "modified>-7d" will select all objects modified in the past 7 days.

  • Powerfilter: Syntax extension to select exact matches in multiple fields. For example, "=192.168.12.1" will select all objects where any of the fields contains exactly this IP.

  • SCAP Feed-Update: This function is now also available via the Web-Interface in the Administration area. However, the updates are still done automatically in the background. A manual start is rarely needed in special situations.

  • Personal default powerfilters: In "My Settings" it is now possible to set a preferred Powerfilter for each object class. If you open the overview of the object class, for example the Task overview, automatically your personal default Powerfilter will be used to apply your preferred sorting and filtering.

  • Agents: Now with new object management

Patch level GOS 2.2.0:

  • 2.2.0-28 (2014-04-12): Extended capabilities of the scanner for testing special TLS services (#36302, #36167).
    Bugfix that now allows to enter AD accounts for authenticated proxies in gos-admin-menu (#36425, #2014040110000026).
    Bugfix that fixes the visibility of tasks of deleted users (#33831, #2013121310000026).
    Bugfix that makes the scanner fix defect cache on its own (#35258).
    Improvement that helps to take care if mainenance reboots are necessary (#36373).
    Bugfix to solve the problem that under some certain conditions the cloning of a task create an empty container (#34636).
    Bugfix to remove some possibly left-over cache files (#36594).
    Bugfix tp reduce the internal use of NTP (#35777).
    Slight speed-up of boot time for large databases (#36478).

  • 2.2.0-27 (2014-03-18): Bugfix for upgrade routine to GOS 3.0 (#35915).

  • 2.2.0-26 (2014-03-15): Due to much stricter SSL certificate checks in GOS 3.0 even for certificates only used internally, the validity is now checked prior to a release switch and you may get asked to update a certificate (#35353).
    Added for support and debug purposes: Internal logging of root commands (#31144, #35378).
    Released GOS 3.0 BETA-Tests for GSM 100 (#35915).

  • 2.2.0-25 (2014-02-14): Bugfix to re-enable the opportunity to create a new target. With the changes introduced in patch level 24 regarding UDP ports a regression occurred that is now solved. (#35257).

  • 2.2.0-24 (2014-02-12): Improved pre-installed Report Format Plugins to consider subsections of NVTs as recently introduced via Greenbone Security Feed (explicit sections for impact, insight, etc.) (#34232).
    Bugfix for scans where UDP ports are scanned while the respective TCP ports were not in the covered by the same Port List. This could have led to false negatives for some NVTs. The pre-configured port lists were not affected (#32366).
    In simple PDF Report Format Plugin, column "Most Severe Result(s)" was removed from the table as it was redundant and sometimes caused exceeding of the page width (#34788, #2014012710000019).
    Task details view now automatically considers the overrides switch (#35054, #2014020610000048).
    Tiny typo in GOS-Admin-Menu (mailhub) (#33890).
    Removed wrongly issued warning message when setting a sensor in GOS-Admin-CLI (#31062, #2013080210000046).
    Added internal lint package for NVTs to accelerate internal NVT QA process (#34111).
    Task status "Delete Requested" for email alerts is removed from web interface as it is of no practical value there (#34233).
    The password in the proxy credentials dialog of GOS-Admin-Menu is not printed on the screen anymore when entered in the dialog (#32707).
    Removed RC4 ciphers from offered ciphers of the HTTPS service of GSM (#34746).
    Internal improvements to prepare migration to GOS 3.0 (#34720, #34658, #35055).

  • 2.2.0-23 (2013-12-21): Bugfix to consider proxy settings during selfcheck in gos-admin-menu (#25028).

  • 2.2.0-22 (2013-12-19): Bugfix to deactivate menu item "Copy Userdata to USB" in gos-admin-menu while a backup is already in progress. (#30978, #2013080210000019).
    Added internal support of GSM sub-types (#32942).
    Bugfix to consider also CERT Feed via feed sync settings of gos-admin-menu (#32943).
    Improvement of performance of sensor synchronisation (#32944).
    Dropped static DHCP client-identifier which avoids trouble of multiple GSM handled by the same DHCP servers (#22577).
    Bugfix to avoid empty CVSS base values for some NVTs (#33365).
    Dropped internal fe80::dead:beef address to avoid log noise (#30977).
    Bugfix to transfer also ESXi credentials to slaves (#33455, #2013120210000056).
    Improved verinice connector regarding document uploads to verinice.PRO (#31798).
    Bugfix for graph "CVSS Distribution for Vulnerabilities" in GXR/GSR report formats that showed a wrong value for "High" in certain cases (#33371, #2013112710000038).

  • 2.2.0-21 (2013-11-09): Bugfix: A security problem is fixed in the OAP protocol that allowed to bypass the authentication procedure. However, due to the Greenbone OS security architecture, the privileges required to exploit this issue on any GSM would require higher privileges than gained through the exploit. Though no practical security problem arises, it is fixed for convenience (#32989).

  • 2.2.0-20 (2013-11-09): Security bugfix: A security problem is fixed in the OMP protocol that allowed to bypass the OMP authentication procedure. The attack vector is remotely available in case public OMP is enabled. In case of successful attack, the attacker gains partial rights to execute OMP commands. The bypass authentication is, however, incomplete and several OMP commands will fail to execute properly (#32985, GBSA-2013-01).

  • 2.2.0-19 (2013-10-29): Add timezone entry in dialog "New Schedule" (#30981, 2013040810000061).
    Improve error handling for situations where single internal services are taken down. This reduces system load if such cases happen (#31966).
    Internal improvements to prepare direct upgrade opportunity from GOS 2.0 to GOS 2.2 (#32221).
    Improved consistency of the overrides setting (#32222, #31567, 2013100210000087, 2013090510000021).
    Strip last part of subnet IP in built-in NBE Report Format Plugin for compatibility/convenience (#32519).
    Bugfix to allow GSM 5x0 to store the public master key of another master GSM (#32816, 2013102410000036).
    Enable sensor mode option for GSM 100 and GSM 5x0 for GSM 5300/6400 as Sensor Master (#32860).

  • 2.2.0-18 (2013-10-12): Bugfix to re-enable OMP interface if it was enabled before. The public OMP interface accidentally was shut-down with patch level 17 on some GSM systems. This especially affects scan sensors. However, managed sensors are automatically re-enabled once the master unit is updated to patch level 18. (#32355).

  • 2.2.0-17 (2013-09-28): Extended built-in NBE report format plugin to add cross-references in result texts (#31285, 2013080910000042).
    Bugfix to get authenticated tests using autogenerated PKCS#8 SSH credentials to work (#31486, #2013082910000013).
    Added feature to allow creating notes and overrides directly from the NVT details dialog (#32021, #2013092410000039).
    Bugfix to reduce number of unneeded log messages (#32070).
    Bugfix for cases where it happened that a new-style NVT reported an empty text when detecting the vulnerability. Old results with empty result text will be extended with a standard text. The scan result as such was always correct (#32034, #32071, #2013092510000019).

  • 2.2.0-16 (2013-09-20): Bugfix for upgrade of sensors with outdated Feed. (#31911).

  • 2.2.0-15 (2013-09-18): Bugfix to ensure to have special configurations of OMP service stay active over migration from 2.1 to 2.2 (#31725).
    Bugfix to have the Sensor synchronization consider the release version (#31722).
    Added the "autoslavesync" option to gos-admin-menu under menu "Sensors" for GSMs that are capable of being Sensor Masters (#31723).
    Added "feedsync" and "feedfrommaster" option to gos-admin-menu under menu "Feed Management" (#31797).

  • 2.2.0-14 (2013-08-31): Bugfix to avoid warning messages "cleanup_manage_process" in the log file (#31288).
    Bugfix for a internal error when trying to change the password (#31007).
    Bugfix for re-login problems after changing the password (#31006).
    Added "Restore Userdata Backup" option to gos-admin-menu for GSM 100 (#31359).
    Bugfix to avoid a wrong error log file message on "database backup failed". The backup was created correctly (#31286).
    Improved userdata restore procedure with an immediate database rebuild (#31361).
    Extended selfcheck with warning in case a patch-level update has not yet been applied (#31414).
    Minor corrections of internal system documentation (#31437).
    Bugfix for the tooltip on NVT names in the NVT overview list of SecInfo Management (#31479).
    Reduced internal log level from 128 to 127 to avoid some debug logging in the regular logging (#31481).

  • 2.2.0-13 (2013-08-22): Affects only GSM 500 or beyond and only when used with Scan Sensors that are configured for automatic update via Master-GSM: Some systems were shipped with a pre-generated masterkey for usage with scan sensors. If such a key is found during update to this patch level, it will be deleted and a new one created with suitable identifier. This makes it urgently necessary to update the key manually on each scan sensor via the command "masterkeydownload". Whether a GSM is affected can be checked via the extended self-check of GOS-Admin-Menu (#31081).
    Bugfix for permission problem at restore of a userdata backup (#30903).
    Extended allowed characters in comment fields by round brackets (#30426, #2013062610000022).
    Bugfix to immediately delete single results of a finally removed report. At this occasion the database is searched for other orphaned results and will remove these as well (#30960).
    Bugfix for OMP: If get_overrides is called with details=1, now the threat-element will be included in the response according to API documentation (#30968).
    Log information on execution of OMP commands now contains also the name of the user who executed the command (#30320, #2013062110000022).
    Bugfix for sorting NVTs by CVSS. Now the sorting takes place on numerical basis instead of string basis (#30343).
    The userdata backup now includes the "private" areas of NVT, SCAP and CERT (#31083).
    Autogenerated credential installer: Now, space characters are possible in the name (#31063, #2013080610000057).
    Bugfix for Reports with Overrides: False Positives were included in a report even if "No overrides" was selected. This has been fixed (#31126, #2013080910000033).
    GOS-Admin-Menu will now issue a warning in case the free disk space is low. The test for free disk space is now also part of the Selfcheck (#31143).
    Extension of Selfcheck in GOS-Admin-Menu to check whether scan sensors can automatically be updated (#31148).
    It is now ensured that during a migration from GOS 2.1 to GOS 2.2 there is sufficient entropy for the creation of the credential encryption key. This reduces the migration duration significantly (#30988, #2013080210000037).
    Bugfix for web interface: Special characters in the URL are no ignored. Before it was possible to loose the session token when this happened and a user had to authenticate again (#31164).

  • 2.2.0-12 (2013-07-27): Performance improvement for OMP command "get_nvts" (#30754).
    Extended allowed characters in comment fields by round brackets (#30426, #2013062610000022).
    Bugfix for migration from GOS 2.1 to GOS 2.2 regarding the encryption of credential passwords (#30880).
    Bugfix for GSM 25/100 for the CLI Admin command "show usb" (#30898).

  • 2.2.0-11 (2013-07-17): Bugfix for creation of a new filter with an empty filter directive (#30220).
    Bugfix to display active state of Report Format Plugins correctly for newly imported plugins (#30164).
    Bugfix for creation of overrides (#30252).
    Bugfix fpr OMP calls for special Asset Reports (#30301, #2013061210000012).
    Bugfix for the CVSS Calculator that now can interpret all abbreviations (#30253).
    Bugfix for GOS-Admin-Menu that makes the userdata backup visible again for GSM 100 (#29482).
    Bugfix for the creation of special Notes and Overrides (#30376, #30379, #2013062410000017).
    Bugfix for XML escaping in URL references in NVT meta data (#30389, #2013062510000015).
    Bugfix that removes a wrong error message that could occur during Feed updates. (#30596).
    Bugfix for GOS-Admin-Menu so that for GSM 25V it is allowed to configure 4 network interfaces (#30704).

  • 2.2.0-10 (2013-06-19): Disallow invalid port numbers when editing a Note or Override (#29905).
    Bugfix for auto-credential creation (#30161, #2013061310000074).
    In Results View, extended text search to new-style NVTs with their extended description sections (#30042).
    Bugfix for OMP interface which was not responding (#30119, #30162, #2013061210000012).
    Improved performance of Task Details page (#28828, #2013040310000015).
    Fixed bug for displaying certain DFN-CERT entries. Now the description is displayed also when no CVEs are referenced (#30039).
    Updates of built-in Report Format Plugins GXR and GSR (#29984).
    Improved automatic internal recovery from malformed database situations (#29964).
    Bugfix for internal flash-upgrade mechanism to allow for future upgrades (#30118).

  • 2.2.0-9 (2013-06-07): Last release of Beta phase. First release of 2.2.0.

2013-02-12: Greenbone OS 2.1.0

top^

Latest patch level: 2.1.0-33 (2014-02-28)

The items marked with (*) will change the default behaviour.

  • Auto-FP: Automatic assistant for detecting likely False Positives

    The design of the Greenbone technology includes minimum tolerance for False Negatives, because a False Negative means missing a message for a real threat. Instead, when in doubt, False Positives are tolerated. This means messages may be present where there is actually no problem. The reason for this strategy is pretty simple: False Positives are manageable, False Negatives are not.

    Greenbone provides unique functions for False Positive management. For quite some time already the Overrides feature has allowed easy flagging of False Positives, including tolerance duration and generalization of the override.

    The Auto-FP feature is the next consequent step: it is internal intelligence that identifies, marks and filters likely False Positives by information intersection. This way the user has a helpful yet simple instrument for the assessment of security messages. Toggling some switches quickly changes the view. This method is especially helpful for systems where patch level versioning of services and applications is not visible.

    The Auto-FP feature uses information from the target systems as well as expert knowledge that is extended and updated via the Greenbone Security Feed.

  • Tasks: Multiple Alerts

    Tasks can now be coupled with a arbitrary number of different Alerts. This allows for example to send different types of reports to different email addresses and at the same time open a ticket in your issue tracking system and finally feed the ISMS and the IPS system - all automatically each time the scan task finishes.

  • Overview on closed CVE's.

    In reports the user can get a list of all CVE's that are officially closed by vendor updates on the respective system.

  • Notes: Now with new object management

    Notes are now handled via the new object management and therefore gain access to the power filter and to the trashcan. Functionalities Clone and Export are also added.

    Furthermore Notes can now be directly created even without necessity to go via a Task.

    All user interfaces where lists of Notes were shown, like for NVT Details, were changed so that the lists are replaced by a link into the Notes management with a appropriate context Filter.

  • New object class "Filter".

    The new object class allows to store rules for search and sorting. These can be applied for Targets, Reports and other objects and later easily be used.

    For example, a report filter can be configured in the report view and later be used as attribute of a Alert.

    The Filters also got the new object management interface which offers an easy way to manage them.

  • SecInfo Management: Becomes a menu of its own in web interface

    The relevance of the SecInfo Management increases and becomes a main menu next to Task Management and Asset Management.

    Directly after an upgrade to this GOS version the SecInfo Management is unavailable for up to 24 hours, including the depending prognosis functionality. The reason is that the database is rebuild during the extension of the data.

  • SecInfo Management: CPE data with new object management

    The CPE Lookup is replaced by the new object management. This makes interactive search, the Powerfilter and many other functions available for CPE data. The Greenbone SecInfo CPE database contains not only the official CPE database of MITRE. It also contains all CPEs used in any of the CVEs. In total this database contains ca. 150,000 CPEs.

  • Wizard Framework

    The new Wizard Framework is a technical basis for embedding wizards. These wizards are usually short-cuts where as many things as possible are done automatically applying sensible defaults.

    Wizards appear as long as the user did not work a lot with the application. After a certain number of objects are managed (this number is configurable by the user) the wizard does not appear anymore, but can be called via the wizard icon.

  • Quick start Task Wizard: Immediately scan an IP address

    With the Task Wizard you only need to enter a target system address. The wizard will do all necessary configurations and start the scan task.

  • (*) LDAP/ADS Authentication: Is now done consistently via "LDAP per-user". The handling of authorization (for example roles) is not managed anymore via LDAP/ADS. The configuration of a LDAP or ADS in GSM needs to be done anew.

  • Tasks/Asset Management: A new switch for Tasks allows to determine whether the scan of this task are to be considered for the Asset Management.

  • Schedules: Daylight saving is now automatically considered.

  • Schedules: Can now be modified via the new edit functionality.

  • Targets: Extended powerfilter now covers sorting. The entry field of the powerfilter can now process any filter control element.

  • Alerts: The new attribute "Filter" allows to apply individual report filter rules for those alerts where a scan report is processed.

  • New Alert for automatic data transfer to ISMS verinice.PRO.

  • Airgap Synchronization: GSM from GSM 500 upward offers a Feed synchronization via USB sticks between devices of the same type. The instructions when to plug or change the USB stick are managed via the LCD display. It is not necessary to log into the system and even a daily update means only little effort.

  • Full availability of web interface even concurrently with comprehensive feed updates.

  • Scanner is extended with comprehensive certificate engine to allow various types of x509 (ssl) certificate checks such as validity, wrong use etc.

  • Upgrade Nmap: The integrated network mapping tool is updated to version 6.01.

  • Upgrade w3af: The integrated web application scanner w3af is updated to version 1.1.

  • Proxy for Feed synchronization: Now also proxies with authentication can be used.

  • Changed sequence and grouping of menu items of web interface.

Patch level GOS 2.1.0:

  • 2.1.0-33 (2014-02-28): Bugfix to make the proxy credentials editing in GOS-Admin-Menu not fail (#35505).
    Bugfix to make the feed management in GOS-Admin-Menu not fail (#35504).

  • 2.1.0-32 (2014-02-27): Improved pre-installed Report Format Plugins to consider subsections of NVTs as recently introduced via Greenbone Security Feed (explicit sections for impact, insight, etc.) (#34232).
    Bugfix for scans where UDP ports are scanned while the respective TCP ports were not in the covered by the same Port List. This could have led to false negatives for some NVTs. The pre-configured port lists were not affected (#32366).
    Removed wrongly issued warning message when setting a sensor in GOS-Admin-CLI (#31062, #2013080210000046).
    The password in the proxy credentials dialog of GOS-Admin-Menu is not printed on the screen anymore when entered in the dialog (#32707).
    Removed RC4 ciphers from offered ciphers of any TLS service of GSM (#34746).

  • 2.1.0-31 (2013-12-20): Bugfix to deactive menu item "Copy Userdata to USB" in gos-admin-menu while a backup is already in progress. (#30978, #2013080210000019).
    Dropped static DHCP client-identifier which avoids trouble of multiple GSM handled by the same DHCP servers (#22577).
    Improved verinice connector regarding document uploads to verinice.PRO (#31798).
    Bugfix to show the correct GOS 2.1 version number in gos-admin-menu (#33178).

  • 2.1.0-30 (2013-11-09): Bugfix: A security problem is fixed in the OAP protocol that allowed to bypass the authentication procedure. However, due to the Greenbone OS security architecture, the privileges required to exploit this issue on any GSM would require higher privileges than gained through the exploit. Though no practical security problem arises, it is fixed for convenience (#32989).

  • 2.1.0-29 (2013-11-09): Bugfix: A security problem is fixed in the OMP protocol that allowed to bypass the authentication procedure. However, for GOS 2.1 this has no effect because the connection is immediately terminated before executing any OMP command (#32985).
    Bugfix to allow GSM 5x0 to store the public master key of another master GSM (#32816, 2013102410000036).

  • 2.1.0-28 (2013-09-21): Release of upgrade to GOS 2.2 for GSM 25, 25V, 500, 510, 550, 5300 and 6400. (#31960).

  • 2.1.0-27 (2013-09-20): Bugfix for upgrade of sensors with outdated Feed. (#31911).

  • 2.1.0-26 (2013-09-19): Bugfix for Report Import to not fail if one of the new timestamp elements is present (#31554).
    Bugfix to have the Sensor synchronization consider the release version (#31722).
    Added the "autoslavesync" option to gos-admin-menu under menu "Sensors" for GSMs that are capable of being Sensor Masters (#31723).
    Added "feedsync" and "feedfrommaster" option to gos-admin-menu under menu "Feed Management" (#31797).

  • 2.1.0-25 (2013-09-05): Release of upgrade to GOS 2.2 for GSM 100 (#31487).
    Bugfix to immediately delete single results of a finally removed report. At this occasion the database is searched for other orphaned results and will remove these as well (#30960).
    Bugfix to avoid warning messages "cleanup_manage_process" in the log file (#31288).
    Bugfix to avoid a wrong error log file message on "database backup failed". The backup was created correctly (#31286).
    Added "Restore Userdata Backup" option to gos-admin-menu for GSM 100 (#31359).
    Improved userdata restore procedure with an immediate database rebuild (#31361).
    Minor corrections of internal system documentation (#31437).
    Bugfix for re-login problems after changing the password (#31006).
    Reduced internal log level from 128 to 127 to avoid some debug logging in the regular logging (#31481).
    Bugfix for Reports with Overrides: False Positives were included in a report even if "No overrides" was selected. This has been fixed (#31126, #2013080910000033).
    GOS-Admin-Menu will now issue a warning in case the free disk space is low. The test for free disk space is now also part of the Selfcheck (#31143).
    Extended selfcheck with warning in case a patch-level update has not yet been applied (#31414).

  • 2.1.0-24 (2013-08-15): Affects only GSM 500 or beyond and only when used with Scan Sensors that are configured for automatic update via Master-GSM: Some systems were shipped with a pre-generated masterkey for usage with scan sensors. If such a key is found during update to this patch level, it will be deleted and a new one created with suitable identifier. This makes it urgently necessary to update the key manually on each scan sensor via the command "masterkeydownload". Whether a GSM is affected can be checked via the extended self-check of GOS-Admin-Menu (#31081).
    Extension of Selfcheck in GOS-Admin-Menu to check whether scan sensors can automatically be updated (#31148).

  • 2.1.0-23 (2013-07-27): Bugfix for internal flash-upgrade mechanism to allow for future upgrades (#30118).
    Bugfix for GOS-Admin-Menu that makes the userdata backup visible again for GSM 100 (#29482).
    Bugfix for XML escaping in URL references in NVT meta data (#30389, #2013062510000015).
    Update of built-in Report Format Plugin "GXR" from 1.0.7 to 1.0.8 (#30568).
    Bugfix for GSM 25 for GOS Admin Menu, so that now the right labels are used for the Scan Account. (#30570).
    Bugfix for GOS-Admin-Menu so that for GSM 25V it is allowed to configure 4 network interfaces (#30704).
    Bugfix for GSM 25/100 for the CLI Admin command "show usb" (#30898).
    Release of upgrade to GOS 2.2 for GSM ONE (#30949).
    Improved automatic internal recovery from malformed database situations (#29964).

  • 2.1.0-22 (2013-06-05): Bugfix for GXR report, so that even for larger number of target systems a report document is created (#28870, #2013040510000021).
    Small beautification fix for airgap usb-stick creation routine (#26709).
    GSM 5300/6400: Support of Bonding (two 1GBit interfaces works as a single 2GBit interface or two 10Gbit interfaces work as a single 20Gbit interface). (#29246).
    Again bugfix for verinice Source-IDs in verinice alert (#29193, #2013041810000051).

  • 2.1.0-21 (2013-05-28): Allow to set timezones for schedules (#28896, #2013040810000061).
    Bugfix to allow deleting/starting paused tasks. (#27347).
    Bugfix to allow deleting a new and unused schedule object. (#29719, #2013051610000016).
    Increased size limit for user host access field. (#29216, #2013042210000015).
    Added "Scan initiated" timestamp to Report Summary. (#28831, #2013040210000017).

  • 2.1.0-20 (2013-05-16): Feed update routine now applies maximum compression. Transfer duration as well as transfer volume are lowered significantly. (#29223).
    Bugfix to not truncate notes when attached to HTML reports as used in email alerts (#27196, #2013020810000019).
    Extended GXR report to show also name and comment of the respective task (#28811, #2013040210000026).
    Extended verinice alert to use "digest" for HTTP and "anyauth" for HTTPS for authentication (#29257).
    Bugfix for verinice Source-IDs in verinice alert (#29193, #2013041810000051).
    Web interface: Missing session tokens or missing parameters will now lead automatically to login page or to a sensible page. This makes using bookmarks smoother. And it allows to create URLs (possibly in other applications) that will directly and smoothly guide users (like links to NVT or CVE details) (#29288, #29289).
    Fixed bug to show always correct Operating System Icon for Greenbone appliances (#28617).
    Bugfix for GSM 25V to allow configuration of eth0 via gos-admin-menu (#28725).

  • 2.1.0-19 (2013-05-07): Certificate validity extension for internal services. Without this validity extension no scanning will be possible anymore. The expiry of the certificate depends on GSM type and production date. An upgrade is highly recommended in any case for all GSMs. (#29475).

  • 2.1.0-18 (2013-03-22): Bugfix for power filter to keep the character "+" in search terms (#28357, #2013031210000018).
    Bugfix for power filter to handle character "#" properly in search terms (#28359).
    Made setting for management interface ("ifadm" in cli-admin) available in gos-admin-menu in submenu Network/ETH (#28385).
    Further reduced acccess rights of internal administration account (admin) (#28499).
    Bugfix to prevent editing of a target-in-use under certain conditions by greying out edit icon (#28529).
    Bugfix for internal process management to avoid running but unused OMP service processes. This happened under rare conditions only and had no security impact. (#28530).
    Additional internal sanity check for release change (#28531).
    Bugfix for misleading example for sync times in gos-admin-menu (#28337, #2013031110000011).
    Bugfix to remove unneeded files from internal cache after a release change like from 2.0 to 2.1. This saves some disk space (#28579).

  • 2.1.0-17 (2013-03-08): New: Configuration for authenticated proxies for feed synchronisation now also possible via GOS-Admin-Menu under Feed->Credentials (#27113).
    Bugfix for partition backup and snapshot for GSM from model 500. Requests for Backup or Snapshot via CLI-Admin were not executed properly. However, the backup management via boot menu was not affected (#28273).
    Improvement for results in prognostic reports in the web client: No fixed-with line-breaks anymore (#27946).
    Bugfix for Trashcan: Notes will now also removed if the Trashcan is emptied (#27998).

  • 2.1.0-16 (2013-02-27): Bugfix for Problem with concurrently executed scans and feed-updates (#28143, #2013021910000025, #2013022510000022).
    Bugfix for "Show Notes" and "Only show hosts that have results" of Report Filters that did not change upon "Apply" (#27945, #2013021510000014).

  • 2.1.0-15 (2013-02-20): Users with role Observer will not get offered the quick scan wizard by default anymore (#27806).
    In scan result browser, dark blue forward and back buttons on gray headlines are replaced by forward/backward icons (#27933).
    Update of internal on-board omp client command line tool (#27862).

  • 2.1.0-14 (2013-02-19): Scan sensors are now automatically updated with new releases via Master. Also, a system upgrade on the master will automatically run a system upgrade on its sensors. The GOS administration menu offers configuration of the list of connected and therefore managed sensors (#26010).

  • 2.1.0-13 (2013-02-12): Last release of Beta phase. First release of 2.1.0.